<?php
    require_once ("Includes/session.php");
    require_once ("Includes/simplecms-config.php"); 
    require_once ("Includes/connectDB.php");
    include("Includes/header.php"); 
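    // Only signed-in users may view or change account settings.
    // NOTE(review): Includes/header.php is included before this check; if it
    // emits output, the Location header can no longer be sent. Confirm output
    // buffering is on, or move this check above the include.
    if (!logged_on())
    {
        header ("Location: logon.php");
        // header() only queues the redirect and does not stop the script.
        // Without this exit, the password-change handler and the account
        // details below would still run for a visitor who is not logged on.
        exit;
    }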

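    // Password-change handler: runs only when the "Change" submit button was posted.
    // Flow: validate the new password, verify the old one against the stored
    // hash, then update the row for the user id held in the session.
    if (isset($_POST['Change']))
    {
        // Accept only string fields; a missing or array-valued field is treated
        // as empty instead of raising a notice or being passed to trim().
        $OPW = (isset($_POST['OPW']) && is_string($_POST['OPW'])) ? trim($_POST['OPW']) : '';
        $PW  = (isset($_POST['PW'])  && is_string($_POST['PW']))  ? trim($_POST['PW'])  : '';
        $CPW = (isset($_POST['CPW']) && is_string($_POST['CPW'])) ? trim($_POST['CPW']) : '';

        // Validate the new password.
        // NOTE(review): only emptiness is checked; no length or strength policy is enforced here.
        if (empty($PW))
        {
            echo "<script type='text/javascript'>alert('Invalid New Password!')</script>";
        }
        // Exact, case-sensitive comparison. The previous strcasecmp() accepted a
        // confirmation that differed only in letter case, so the stored password
        // could differ from what the user believed they had confirmed.
        elseif ($PW !== $CPW)
        {
            echo "<script type='text/javascript'>alert('Passwords not identical!')</script>";
        }
        else
        {
            // Check the old password.
            // NOTE(review): SHA() is MySQL's unsalted SHA-1, which is not suitable
            // for password storage. Moving to password_hash()/password_verify()
            // needs a coordinated change in the logon code and the stored hashes,
            // so it is flagged here rather than changed.
            $CheckPass = "SELECT * FROM users WHERE id = ? AND password = SHA(?) LIMIT 1";
            $statement = $databaseConnection->prepare($CheckPass);

            if (!$statement)
            {
                // prepare() failed; there is no statement object to use.
                echo "<script type='text/javascript'>alert('Database query failed!')</script>";
            }
            else
            {
                $statement->bind_param('ds', $_SESSION['userid'], $OPW);
                $statement->execute();
                $statement->store_result();

                // Capture the outcome, then release the statement before the UPDATE.
                $lookupFailed = (bool) $statement->error;
                $oldPasswordMatches = !$lookupFailed && $statement->num_rows == 1;
                $statement->close();

                if ($lookupFailed)
                {
                    // A failed lookup is reported once; it no longer falls through
                    // to the "Password invalid" branch as well.
                    echo "<script type='text/javascript'>alert('Database query failed!')</script>";
                }
                elseif ($oldPasswordMatches)
                {
                    $query = "UPDATE users SET password=SHA(?) WHERE id=? LIMIT 1";
                    $passupdate = $databaseConnection->prepare($query);

                    if (!$passupdate)
                    {
                        echo "<script type='text/javascript'>alert('Password change Failed!')</script>";
                    }
                    else
                    {
                        $passupdate->bind_param('sd', $PW, $_SESSION['userid']);
                        $passupdate->execute();

                        if ($passupdate->error)
                        {
                            echo "<script type='text/javascript'>alert('Password change Failed!')</script>";
                        }
                        elseif ($passupdate->affected_rows == 1)
                        {
                            echo "<script type='text/javascript'>alert('Password updated successfully!')</script>";
                        }
                        else
                        {
                            // No row changed (for example the new password equals the old one).
                            echo "<script type='text/javascript'>alert('Password change Failed!!')</script>";
                        }
                        $passupdate->close();
                    }
                }
                else
                {
                    echo "<script type='text/javascript'>alert('Password invalid')</script>";
                }
            }
        }
    }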

?>

<div id="main">
    <h2>Account Info</h2>
    <br/>
    <?php
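        // Look up the signed-in user's name for display on the account page.
        require_once ("Includes/connectDB.php");
        $RetrieveInfo = "SELECT (username) FROM users WHERE id = ? LIMIT 1";
        $statement = $databaseConnection->prepare($RetrieveInfo);

        if (!$statement)
        {
            // prepare() failed; there is no statement object to use.
            echo "<script type='text/javascript'>alert('Database query failed!')</script>";
        }
        else
        {
            $statement->bind_param('s', $_SESSION['userid']);
            $statement->execute();
            $statement->store_result();

            if ($statement->error)
            {
                echo "<script type='text/javascript'>alert('Database query failed!')</script>";
            }
            elseif ($statement->num_rows != 1)
            {
                echo "<script type='text/javascript'>alert('Account Not found')</script>";
            }
            else
            {
                $temp = null;
                $statement->bind_result($temp);
                $statement->fetch();

                // The username comes from the database and must be HTML-escaped
                // before it is written into the page; otherwise a name containing
                // markup would be rendered as HTML (stored XSS).
                // NOTE(review): assumes the page is served as UTF-8; confirm.
                $safeName = htmlspecialchars((string) $temp, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                echo "<h4>User name: " . $safeName . "</h4>";
                echo "other info here";
            }

            // Release the statement on every path, not only on success.
            $statement->close();
        }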

    ?>
        <p>______________________________________________________________________________________________________________________________</p>
        <form action="AccountSettings.php" method="post">
            <fieldset>
            <legend>Account settings</legend>
            <ol>
                <li>
                    <label for="OPW">Old Password:</label>
                    <input type="password" name="OPW" id="OPW" required=""/>
                </li>
                <li>
                    <label for="PW">New Password:</label>
                    <input type="password" name="PW" id="PW" required="" onchange="validatePass(this,document.getElementById('CPW'));"/>
                </li>
                <li>
                    <label for="CPW">Confirm Password:</label>
                    <input type="password" name="CPW" id="CPW" required="" onchange="validatePass(document.getElementById('PW'),this);"/>
                </li>
            </ol>
            <input type="submit" name="Change" value="Change" />
            <p>
                <a href="index.php">Cancel</a>
            </p>
        </fieldset>
    </form>
    
</div>

<?php include ("Includes/footer.php"); ?>